blob: 3bc69899b8b6bf782c747458c5515cb6659c64f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?xml version='1.0'?>
<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
]>
<section id="dropwatchsect">
<title>Monitoring Network Packets Drops in Kernel</title>
<indexterm>
<primary>script examples</primary>
<secondary>network profiling</secondary>
</indexterm>
<indexterm>
<primary>examples of SystemTap scripts</primary>
<secondary>network profiling</secondary>
</indexterm>
<indexterm>
<primary>network profiling</primary>
<secondary>examples of SystemTap scripts</secondary>
</indexterm>
<remark>
probably http://sourceware.org/systemtap/examples/network/nettop.stp
</remark>
<indexterm>
<primary>profiling the network</primary>
<secondary>examples of SystemTap scripts</secondary>
</indexterm>
<indexterm>
<primary>network traffic, monitoring</primary>
<secondary>examples of SystemTap scripts</secondary>
</indexterm>
<para>
<indexterm><primary>tracepoint</primary></indexterm>
The network stack in Linux
can discard packets for various reasons. Some Linux kernels include a
tracepoint, <command>kernel.trace("kfree_skb")</command>, which easily tracks where packets
are discarded. <xref linkend="dropwatch"/> uses <command>kernel.trace("kfree_skb")</command> to trace
packet discards; the script summarizes which locations
discard packets every five-second interval.
</para>
<formalpara id="dropwatch">
<title>dropwatch.stp</title>
<para>
<programlisting>
<xi:include parse="text" href="extras/testsuite/systemtap.examples/network/dropwatch.stp" xmlns:xi="http://www.w3.org/2001/XInclude" />
</programlisting>
</para>
</formalpara>
<para>
The <command>kernel.trace("kfree_skb")</command> traces which places
in the kernel drop network packets. The
<command>kernel.trace("kfree_skb")</command> has two arguments: a pointer to the
buffer being freed (<command>$skb</command>) and the location in kernel code the
buffer is being freed (<command>$location</command>).
</para>
<para>
Running the dropwatch.stp script 15 seconds would result in output similar in
<xref linkend="dropwatchoutput"/>. The output lists the number of misses for
tracepoint address and the actual address.
</para>
<example id="dropwatchoutput">
<title><xref linkend="dropwatch"/> Sample Output</title>
<screen>
Monitoring for dropped packets
51 packets dropped at location 0xffffffff8024cd0f
2 packets dropped at location 0xffffffff8044b472
51 packets dropped at location 0xffffffff8024cd0f
1 packets dropped at location 0xffffffff8044b472
97 packets dropped at location 0xffffffff8024cd0f
1 packets dropped at location 0xffffffff8044b472
Stopping dropped packet monitor
</screen>
</example>
<para>
To make the location of packet drops more meaningful, refer to the
<filename>/boot/System.map-`uname -r`</filename> file. This file lists the
starting addresses for each function, allowing you to map the
addresses in the output of <xref linkend="dropwatchoutput"/> to a specific
function name. Given the following snippet of the <filename>/boot/System.map-`uname -r`</filename> file,
the
address 0xffffffff8024cd0f maps to the function
<command>unix_stream_recvmsg</command> and the address 0xffffffff8044b472 maps
to the function <command>arp_rcv</command>:
</para>
<!--
<para>
The functions containing the location of the packet drops is determined using
<command>/boot/System.map-`uname -r`</command> file. The System.map file lists
the starting addesses for each function. Below are the sections of the
System.map file containing the addresses in the dropwatch.stp output. The
address 0xffffffff8024cd0f maps to the function
<command>unix_stream_recvmsg</command> and the address 0xffffffff8044b472 maps
to the function <command>arp_rcv</command>.
</para>
-->
<screen>
[...]
ffffffff8024c5cd T unlock_new_inode
ffffffff8024c5da t unix_stream_sendmsg
ffffffff8024c920 t unix_stream_recvmsg
ffffffff8024cea1 t udp_v4_lookup_longway
[...]
ffffffff8044addc t arp_process
ffffffff8044b360 t arp_rcv
ffffffff8044b487 t parp_redo
ffffffff8044b48c t arp_solicit
[...]
</screen>
</section>
|
